Red Hat Security Advisory: grafana security update
Red Hat has issued a security advisory addressing two vulnerabilities affecting Grafana in Red Hat Enterprise Linux 8. 8. The first vulnerability (CVE-2025-22871) involves HTTP request smuggling due to improper handling of invalid chunked data in the net/http package. The second vulnerability (CVE-2025-4123) is a high-severity cross-site scripting (XSS) flaw in Grafana via custom frontend plugins and an open redirect issue. These vulnerabilities have been rated as important by Red Hat and fixed in updated Grafana packages for affected Red Hat Enterprise Linux versions. Users should apply the provided updates to remediate these issues. No known exploits in the wild have been reported at this time.
AI Analysis
Technical Summary
This advisory covers two security issues in Grafana as packaged for Red Hat Enterprise Linux 8.8. CVE-2025-22871 is a request smuggling vulnerability in the net/http package caused by acceptance of invalid chunked data, which could allow an attacker to interfere with HTTP request processing. CVE-2025-4123 is a cross-site scripting (XSS) vulnerability in Grafana that arises through custom frontend plugins and an open redirect flaw, potentially enabling script injection attacks. Red Hat has released updated Grafana packages (version 7.5.15-7.el8_8) that address these vulnerabilities. The advisory references Red Hat's official errata RHSA-2025:8685 and provides links for applying the update.
Potential Impact
Successful exploitation of CVE-2025-22871 could allow an attacker to perform HTTP request smuggling attacks, potentially interfering with web request handling. CVE-2025-4123 could enable cross-site scripting attacks via malicious custom frontend plugins or open redirect vectors in Grafana, potentially leading to script execution in the context of the victim's browser. Both vulnerabilities are rated as important/high severity by Red Hat. No known active exploits have been reported.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 8.8 that fix these vulnerabilities. Users should apply the updates as described in Red Hat advisory RHSA-2025:8685 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Since this is not a cloud service, remediation requires applying the vendor-provided patches. There are no indications that additional mitigations or workarounds are required beyond applying the update.
Red Hat Security Advisory: grafana security update
Description
Red Hat has issued a security advisory addressing two vulnerabilities affecting Grafana in Red Hat Enterprise Linux 8. 8. The first vulnerability (CVE-2025-22871) involves HTTP request smuggling due to improper handling of invalid chunked data in the net/http package. The second vulnerability (CVE-2025-4123) is a high-severity cross-site scripting (XSS) flaw in Grafana via custom frontend plugins and an open redirect issue. These vulnerabilities have been rated as important by Red Hat and fixed in updated Grafana packages for affected Red Hat Enterprise Linux versions. Users should apply the provided updates to remediate these issues. No known exploits in the wild have been reported at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security issues in Grafana as packaged for Red Hat Enterprise Linux 8.8. CVE-2025-22871 is a request smuggling vulnerability in the net/http package caused by acceptance of invalid chunked data, which could allow an attacker to interfere with HTTP request processing. CVE-2025-4123 is a cross-site scripting (XSS) vulnerability in Grafana that arises through custom frontend plugins and an open redirect flaw, potentially enabling script injection attacks. Red Hat has released updated Grafana packages (version 7.5.15-7.el8_8) that address these vulnerabilities. The advisory references Red Hat's official errata RHSA-2025:8685 and provides links for applying the update.
Potential Impact
Successful exploitation of CVE-2025-22871 could allow an attacker to perform HTTP request smuggling attacks, potentially interfering with web request handling. CVE-2025-4123 could enable cross-site scripting attacks via malicious custom frontend plugins or open redirect vectors in Grafana, potentially leading to script execution in the context of the victim's browser. Both vulnerabilities are rated as important/high severity by Red Hat. No known active exploits have been reported.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 8.8 that fix these vulnerabilities. Users should apply the updates as described in Red Hat advisory RHSA-2025:8685 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Since this is not a cloud service, remediation requires applying the vendor-provided patches. There are no indications that additional mitigations or workarounds are required beyond applying the update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:8685
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-22871"]
- Cvss Version
- null
Threat ID: 6a18be67e29bf47b50386ed7
Added to database: 5/28/2026, 10:15:03 PM
Last enriched: 5/28/2026, 10:33:48 PM
Last updated: 5/29/2026, 5:55:17 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.